Install the SecureAuth® Identity Platform RADIUS Server

Install SecureAuth Identity Platform RADIUS server v20.12 or upgrade from SecureAuth IdP RADIUS server v1.0.x - v2.5.x or v19.06 - v20.12.

Important

Do not install SecureAuth Identity Platform RADIUS server v20.12 on a Windows Domain Controller.

If you are a new customer, for optimum performance, especially for large enterprises, install the SecureAuth RADIUS server separately from the Identity Platform server. If you are upgrading, consider moving SecureAuth RADIUS to its own server. If in doubt, contact SecureAuth Support.

Installation

Ensure that SecureAuth IdP version 9.3 or later or SecureAuth Identity Platform version 19.07 or later is installed.

  1. Download the installation file from the SecureAuth Product Downloads page.

    If RADIUS v1.0.x is currently installed, contact SecureAuth Support for detailed instructions.

    If RADIUS v2.0.x - v20.06.xx is currently installed, RADIUS v20.12.xx will be installed over the existing installation by default. You cannot select a different installation path.

    If you are installing RADIUS for the first time, RADIUS v20.12.xx will be installed in a new folder by default. RADIUS v20.12.xx is installed in C:\Program Files\SecureAuth Corporation\SecureAuth IdP RADIUS Agent. Optionally, you can select a different installation path by completing the following:

    1. Export all configurations.

    2. Uninstall SecureAuth RADIUS.

    3. Install the latest version of SecureAuth RADIUS and select the new installation folder.

    4. Use the SecureAuth RADIUS import tools to import the configuration settings.

  2. Find the downloaded SecureAuth-IdP-RADIUS-Server-20.12.04.exe file and double-click the file to start the install wizard.

    You must log in as an administrator to complete installation, unless you are already logged in as an administrator. If you are not logged in as an administrator, you will be prompted to log in as admin.

  3. Click Next > to proceed.

    1_Start.png
  4. Select the appropriate checkboxes to enable quick access to the RADIUS Admin Console via a desktop icon or the Start menu selection:

    • Create a Desktop icon.

    • Create an entry in the Start Menu.

  5. Click Next to review settings.

    60574000.png
  6. Review settings and do one of the following:

    • Click Back to make edits.

    • Or click Install to begin installing the RADIUS service.

      60573998.png
  7. After the installation is complete, optionally select the files to start when the wizard closes:

    • View README.

    • Launch RADIUS Administration Console.

  8. Click Finish to close the install wizard.

    60573996.png

    If either or both files were selected at step 7, the requested files are displayed.

  9. Optional: Add the radius.oath.strategy property to the "appliance.radius.properties" file if end users in your organization have multiple devices and you want to let them select which device to authenticate with.

    1. Open the "appliance.radius.properties" file, located in the conf folder, with a text editor, such as Notepad:

      <RADIUS_installation_directory>\SecureAuth IdP RADIUS Agent\bin\conf

      For example: C:\Program Files\SecureAuth Corporation\SecureAuth IdP RADIUS Agent\bin\conf

    2. Add the radius.oath.strategy property, as shown in the following image.

      60573995.png
    3. Save your change.

      When end users with multiple devices authenticate, they will see a screen that looks like the following example:

      60573994.png

      Additionally, SecureAuth RADIUS server supports both HOTP and TOTP in seed and token modes, so end users will see an answer choice of TOTP/HOTP instead of OTP, as shown in the following example image:

      60573992.png
  10. Optional: Configure the number of Universal Datagram Protocol (UDP) processor threads that SecureAuth RADIUS can use to receive access-request packets.

    Add the radius.processorThreads property to the appliance.radius.properties file.

    1. Open the "appliance.radius.properties" file, located in the conf folder, with a text editor, such as Notepad:

      <RADIUS_installation_directory>\SecureAuth IdP RADIUS Agent\bin\conf

      For example: C:\Program Files\SecureAuth Corporation\SecureAuth IdP RADIUS Agent\bin\conf

    2. Add the radius.processorThreads property, as shown in the following image.

      69108112.png

      If a value for radius.processorThreads is not specified, it is set to 50 by default, for best performance.

    3. Save your change.

    4. Restart secureAuthRadius in the Task Manager "Services" tab.

    5. When you lose connection, cancel out of the reconnect dialog. Connect in the Administrator PowerShell screen by adding the PID for the java.exe process. (Find the java.exe PID in the Task Manager "Details" tab.)

      jconsole.exe <PID>; for example, jconsole.exe 4648

  11. Optional: Configure the SecureAuth Identity Platform time-out value to maximize successful login requests.

    1. Open the appliance.radius.properties file, located in the conf folder, with a text editor, such as Notepad:

      <RADIUS_installation_directory>\SecureAuth IdP RADIUS Agent\bin\conf

      For example: C:\Program Files\SecureAuth Corporation\SecureAuth IdP RADIUS Agent\bin\conf

    2. Add the idp.api.timeout property, as shown in the following image.

      69108133.png

      If a value for idp.api.timeout is not specified, it is set to 50000 by default.

    3. Save your change.

  12. Optional: Configure SecureAuth IdP to support special characters for user IDs through the enable.special.characters.for.userid property. This property is true by default, which means special characters are supported. Customers running SecureAuth IdP v9.3+ or SecureAuth Identity Platform v19.07+ do not need to change this setting.

    SecureAuth IdP v9.2 customers:

    You must disable support for special characters; otherwise, end users who use special characters in their user IDs will not be able to authenticate.

    Set the enable.special.characters.for.userid to false because the SecureAuth RADIUS server cannot support special characters for user ID.

    1. Open the appliance.radius.properties file, located in the conf folder, with a text editor, such as Notepad:

      <RADIUS_installation_directory>\SecureAuth IdP RADIUS Agent\bin\conf

      For example:  C:\Program Files\SecureAuth Corporation\SecureAuth IdP RADIUS Agent\bin\confappliance.radius.properties

    2. Edit the enable.special.characters.for.userid property, as shown in the following image, and set it to false.

      appliance_radius_properties4.png
Next step...

Configure SecureAuth RADIUS server v20.12